from the abuse-of-______ dept

This week, the Komodia/Superfish scandal got even worse. So bad, in fact, that the only appropriate response was sheer sarcasm, which Rich Kulawiec provided in our most insightful comment of the week:

Oh, come now, this isn't so bad

It's not like they did something really bad, something so destructive and damaging to the privacy and security of millions of people that it required immediate attention from federal law enforcement agencies combined with the threat of aggressive prosecution that could result in decades in prison...something like, oh, I don't know, downloading scientific research papers?

For editor's choice on the insightful side, we'll look at two other examples of people abusing power, the law, the market or all of the above. First up, after Total Wipes decided the word "download" meant infringement and proceeded to abuse the DMCA to take down all kinds of innocent sites, That One Guy opined on the inevitability of it all:

Natural result of a one-sided law

When a system or law has absolutely no penalty for abuse, it will be abused, and to expect anything less is foolish. Companies who file clearly bogus DMCA claims face no penalty whatsoever for doing so, even if the claims are blatantly false, yet the ones receiving them are still forced to treat them all as valid, unless they want to face harsh legal penalties.

If the DMCA was intended to be even remotely balanced, then there would be hard penalties for sending such obviously false claims, but as it stands, it's working exactly as it was intended to, completely favoring one side, at the cost of the other.

We don't. We're having "this kind of dialogue"---such as it is---only because the government and intelligence community has been dragged, kicking and screaming and pronouncing the immediate doom of us all, into it.

I cycle through a lot of emotions as I keep up with all this... concern, mistrust, whatever. But comments like that make me genuinely angry.

Last but not least, we've got an anonymous commenter who has daringly taken the side of government officials demanding a magical, un-abusable backdoor key to encrypted devices. The engineers have insisted such a thing is fundamentally impossible, but clearly they were just too lazy to hammer out the code:

(There appear to be some syntax errors there, including the use of an assignment operator instead of a comparison one, which would make every "guy" register as "good" automatically. Which means this approach should be just about as secure as any genuine attempt would.)

from the 88-years-of-communication-regulation dept

Five Years Ago

This week in 2010, we continued following the story of the school caught spying on students through webcams in their laptops, and the details were not looking good. Especially when we discovered the student in question was only guilty of eating candy.

from the looking-at-the-other-side dept

Let me start this post off by noting that I'm a huge fan of crowdfunding and think that it's an amazing force for all sorts of good things in art, culture and innovation. That's part of the reason why we do a weekly awesome stuff post highlighting interesting (and sometimes awesome) crowdfunding projects. But, it should be noted that crowdfunding projects don't always turn out great. There are plenty of horror stories to go around -- some involving what appear to be outright fraud, certainly -- mostly just because project creators are way overly optimistic on their ability to achieve their goals. I've backed a few dozen projects, and I can only think of a handful that were delivered on time. To be honest, this doesn't bother me so much. What's much worse is that as projects go bad, the project creators tend to disappear, not updating people with the bad news, leading people to get angrier and angrier.

Kickstarter, for one, has long tried to make it clear that it is "not a store," but rather that you're backing a project, and there's risk associated with that -- including the risk that a project may fail. However, it's still disappointing to back a project and have it be totally disappointing. So, this week, I thought I'd ask people about the most disappointing crowdfunded projects they've seen or backed. And I'll reveal mine. Back in the summer of 2013, on one of our awesome stuffs I wrote about the HOT Watch, a new smart watch that had some interesting features, including the ability to hold your hand up to your ear and use your hand like a phone. The video for the project was super cheesy/infomercially, which scared me off, but I'd become somewhat fascinated with the possibilities for smartwatches, and at the last minute bought into it. The backers of the project swore up and down, left, right and center, that the project would ship in time for Christmas in 2013. Right up until basically the end of the year the company insisted it would be shipping. It's now February of 2015 and I still don't have mine. Because I just don't care any more, I've asked them for a refund and they haven't replied, which is pretty much what I expected. Some people appear to have received theirs -- but I haven't and it's now 15 months late, and the market for smartwatches has moved way past the HOT Watch.

Lesson learned: crowdfunder beware.

Another, similar project, which (thankfully) I did not back is the Lima, which was a little device that was supposed to enable you to very easily set up your own personal cloud with USB devices at home. That presentation was super slick, and I was tempted to back it, but the pricing seemed a little steep, and I'm glad I didn't because while it also promised delivery by December 2013, at last check, it also has not delivered at all, and there are tons of people demanding refunds. I had mentioned the Lima in another awesome stuff post, and the company reached out to me saying the team wanted to send me a postcard (?!?!) as a thank you. I told the person not to bother, but the company still found our office address and sent it anyway. It seems like, rather than sending out post cards to people who don't want them, they could have put time into working on the product.

Anyway, this isn't to knock crowdfunding, or even these two projects in particular. It's just to note that there are risks associated with crowdfunding, and certain projects turn out to be flops, so you need to be aware. In the meantime, would love to hear about crowdfunding flops that you have backed (or luckily avoided...).

from the um. dept

In the long, convoluted and complex legal battles facing Megaupload founder Kim Dotcom, there was some bizarre stuff that happened late last year. As you may recall, early on, the US government seized basically all of his stuff and money. Dotcom has made efforts to get some of it returned, as it's tough to fight the most powerful government in the world when it's holding onto all of your money. Keep in mind from our previous discussions on asset seizure and forfeiture, the government can basically seize whatever it wants, just by claiming it was somehow related to a crime, but the seizure is only a temporary process. If the government wants to keep it, it then needs to go through a separate process known as civil asset forfeiture, which is effectively the government suing the assets. Back in July, the US government moved to forfeit everything it had seized from Dotcom in a new lawsuit with the catchy name USA v. All Assets Listed In Attachment A, And All Interest, Benefits, And Assets Traceable Thereto. As you may have guessed, Attachment A [pdf] is basically all of Kim Dotcom's money and possessions.

Back in November, the DOJ argued that it should get to keep all of Kim Dotcom's money and stuff because he's a "fugitive", which is a bizarre and ridiculous way to portray Kim Dotcom, who has been going through a long and protracted legal process over his potential extradition from New Zealand (though he's offered to come to the US willingly if the government lets him mount a real defense by releasing his money). Dotcom's lawyers told the court that it's ridiculous to call him a fugitive, but it appears that Judge Liam O'Grady didn't buy it.

In a ruling [pdf] that was just posted a little while ago, O'Grady sided with the government, and gave the DOJ all of Dotcom's things. You can read the full reasoning here and it seems to take on some troubling logic. Dotcom's lawyers pointed out, as many of us have, that there is no secondary copyright infringement under criminal law, but the judge insists that there's enough to show "conspiracy to commit copyright infringement." But the reasoning here is bizarre. Part of it is the fact that Megaupload did remove links to infringing content from its top 100 downloads list. To me, that seems like evidence of the company being a good actor in the space, and not trying to serve up more infringing downloads. To Judge O'Grady and the DOJ, it's somehow evidence of a conspiracy. No joke.

The government has alleged that the conspirators knew that these files were infringing copyrights, as evidenced by their exclusion of infringing files from the "Top 100" list. The "Top 100" list purported to list the most frequently downloaded files on Megaupload.... According to the government, an accurate list would have consisted almost entirely of infringing content, so the claimants "carefully curated" the list to make the site look more legitimate.... Additionally, the claimants regularly told copyright holders, including many U.S.-based organizations, that they would remove infringing content, when in actuality they only removed particular links to the files.... The actual infringing files remained on the Mega-controlled servers and could be accessed from other links.

As for that latter part, there are tons of perfectly legitimate reasons to only remove the links and not the underlying files. If Megaupload was doing deduping, then some version of the same file could be perfectly legitimate. Let's take an example: say that you and I have an MP3 of a Katy Perry song. I upload it to Megaupload to keep as a backup. You upload it to distribute to the world. Megaupload dedupes it, and just has the file stored one time. Your link could be potentially infringing if you distribute unauthorized copies, whereas my copy may be a legitimate personal backup. Given that, Megaupload should only delete the links that are called out as infringing, rather than the underlying files, which -- depending on their use -- may or may not be infringing. But the court just takes the DOJ's version and says "good enough for me."

The court also has no problem with the fact that most of the assets aren't in the US, noting that since some of the "conspiracy" took place in the US, that's good enough. It more or less brushes off the concerns raised by Dotcom and the other defendants that this appears to violate existing treaties between New Zealand and the US -- basically saying that because Dotcom refuses to come to the US, it's not "punitive." Huh? On top of that, the judge says that taking all of Dotcom's assets shouldn't interfere with the legal process in New Zealand, because the New Zealand courts could (yeah right) reject the DOJ's request after this ruling to hand over Dotcom's assets.

Then we get to the whole "fugitive" bit. Judge O'Grady notes that the statute does allow him to call anyone who "declines to enter" the United States a fugitive, and argues that Dotcom fits that description. Furthermore, he actually argues that Dotcom's offer to the DOJ to come willingly to the US if the money is freed for his defense actually works against Dotcom, and gives weight to the fugitive claim:

As demonstrated, Dotcom need not have previously visited the United States in order to meet the prerequisites of § 2466. The statute is satisfied where the government shows that the claimant is on notice of the criminal charges against him and refuses to "enter or reenter" the country with the intent to avoid criminal prosecution. Because the court assesses intent under the totality of the circumstances, it is certainly relevant that Dotcom has never been to the United States and that he has lived in New Zealand since 2011, where he resides with his family. This tends to show that he has other reasons for remaining in New Zealand besides avoiding criminal prosecution. However, the existence of other motivations does not preclude a finding that he also has a specific intent to avoid criminal prosecution. Dotcom's statements, made publicly and conveyed by his attorneys to the government, indicate that he is only willing to face prosecution in this country on his own terms. See Technodyne, 753 F.3d at 386 (2d Cir. 2014) ("The district court was easily entitled to view those [requests for bail], evincing the [claimants'] desire to face prosecution only on their own terms, as a hallmark indicator that at least one reason the [claimants] declined to return in the absence of an opportunity for bail was to avoid prosecution"). Dotcom has indicated through his statements that he wishes to defend against the government's criminal charges and litigate his rights in the forfeiture action. If it is truly his intent to do so, then he may submit to the jurisdiction of the United States.

In short, damned if you do, damned if you don't. This is the justice system, ladies and gentlemen. The DOJ gets to seize and keep all your money, and merely asking for access to it to fight to show your innocence is used as a reason to allow the DOJ to keep it. So he comes to the US and has to fight criminal charges without his own money, or he stays in New Zealand and the government uses it as an excuse to keep all the money. How is any of this even remotely fair? Where is the "due process" in totally handicapping Dotcom from presenting a defense?

Again, it is entirely possible that Dotcom and the others broke the law -- though the case certainly does look pretty weak to me. But what's really astounding is how far the DOJ appears to want to go to make it absolutely impossible for Dotcom to present a full defense of his case.

from the let's-try-again,-shall-we dept

It's been talked about for a while, but on Friday, the White House released a draft of what it's calling a "Consumer Privacy Bill of Rights." Conceptually, that sounds like a decent idea, but in practice? Not so much. Yes, it's just a draft, but it's got a lot of vague hand-waving, and basically no one seems all that thrilled about it, either from the privacy advocate side or the tech company side. Also, it doesn't even address the biggest privacy concern of all: government surveillance and snooping.

Privacy is, of course, one of those things that can be rather tricky to regulate, for a variety of reasons. Many attempts turn out badly, and don't really do much to actually protect privacy -- while sometimes blocking legitimate and useful innovations. While we're big supporters of protecting one's privacy, we're at least somewhat concerned about legislation that appears to be pretty sloppy, and not all that well defined or thought out. This feels like a "we needed to do something, so here's something" kind of draft bill, rather than a "here's a legitimate problem, and here's how to fix it." It feels like a lost opportunity.

from the urls-we-dig-up dept

Some people are naturally skinny and able to eat almost anything they want without gaining weight. Obviously, there are also plenty of folks who need to watch their diets very carefully and exercise regularly to prevent unhealthy weight gain. The causes for obesity are not well understood, and while many observers like to say it's obvious that people need to expend more calories than they consume, the challenge of doing so isn't as simple as it sounds for many. There aren't any miracle diets or drugs, but as we study obesity and understand it more, there could be more palatable treatments someday.

from the turn-the-other-cheek dept

Show of hands: who remembers the North Face vs. South Butt saga? Ah, yes, the trademark battle built perfectly for those of us with a sophomoric sense of humor, fully entertained us three years ago, when an upstart clothier attempted to be funny and the humorless lawyers at North Face cried consumer confusion. While the claim of confusion was as laughable as the rest of the story, the court proceedings saw South Butt agree to change its brand name. Which it did...to Butt Face, because why the hell not? South Butt/Butt Face, after all, was pimping its own publicity by streisanding its way through court proceedings, all thanks to North Face refusing to put down the litigation stick.

The Ft. Lauderdale company faces a trademark infringement lawsuit from Under Armour — and plans to fight. The $3 billion Baltimore athletic apparel maker also accused the snowboard shorts maker of unfair competition and cybersquatting for using the name Ass Armor and a tagline that could be confused with Under Armour's. The defendant copies Under Armour by using similar lettering and putting the Ass Armor name along the shorts' waistband, the lawsuit says.

"Making matters worse, similar to Under Armour's well-known and widely promoted Protect This House tagline mark, defendants use, advertise and promote their Ass Armor mark, name and products… in connection with the Protect Your Assets tagline," says the lawsuit, filed last month in U.S. District Court in Maryland.

Could the well-known Under Armour brand and imagery be somehow confused with Ass Armor and its logo?

Frankly, it stretches credulity to believe that such confusion is likely. More likely this is simply the latest in a long line of battles Under Armour's legal team has staged for itself, having previously gone after Skechers, Salt Armour Inc., and others. Much like the South Butt case, it's woefully likely that all the courts will see is the obvious play on some of the more generic aspects of Under Armour's marks rather than actually weighing any real concerns over customer confusion.

What's clear is that trademark wasn't designed to keep this kind of stuff tied up in court battles like this. Unlike South Butt, Ass Armor appears to be willing to fight the battle.

"We strongly believe the lawsuit filed by Under Armour has no merit," said Scherr, president of the company that makes only the padded shorts, in an email Thursday. "Ass Armor has spent months fighting with Under Armour in front of the Trademark Trial and Appeal Board and then, without notice, Under Armour filed this matter in federal court. We believe this is a classic David and Goliath battle. As David, we intend to fight."

from the less-is-more dept

As Mike pointed out recently, thanks to Snowden (and possibly other sources), we now know the NSA, with some help from GCHQ, has subverted just about every kind of digital electronic device where it is useful to do so -- the latest being hard drives and mobile phones. That's profoundly shocking when you consider what most non-paranoid observers thought the situation was as recently as a couple of years ago. However, given that's how things stand, there are a couple of interesting ramifications.

First, that the recent attempts by politicians to demonize strong encryption look like an attempt to cover up the fact that most digital systems are already vulnerable using one or more of the techniques that have been revealed over the last year or two. That is, the NSA and GCHQ can probably access most digital content stored or transmitted in any way -- either because the encryption itself or the end-points have been compromised. Even standalone strong encryption systems like PGP -- thought still to be immune to direct attacks -- can be circumvented by breaking into the systems on which they are used.

Perhaps the dark hints that encryption could be banned or backdoored are simply part of a cynical ploy to present such an appalling vision of what could happen, that we gladly accept anything less extreme without complaint. In fact, the authorities have no intention of attempting anything so stupid -- it would put all online business at risk -- because they don't need to: they already have methods to access everything anyway.

That being the case, there is another important question. If the NSA and other parties do have ways of turning practically every digital electronic device into a system for spying on its users, that essentially means there is no criminal organization in the world -- ranging from the so-called "terrorist" ones that are used to justify so much bad policy currently, to the "traditional" ones that represent the bulk of the real threat to society -- that is not vulnerable to being infiltrated and subverted by government agencies.

And yet we don't see this happen. Drug cartels thrive; people trafficking is surging; the smuggling of ivory and endangered animals is profitable as never before. Similarly, despite the constant and sophisticated monitoring of events across the Middle East, the rise of Islamic State evidently took the US and its allies completely by surprise. How is it that global criminality has not been brought to its knees, or that such massive geopolitical developments were not picked up well in advance -- and nipped in the bud?

One obvious explanation for this pattern is that just as the attackers of London, Boston, Paris and Copenhagen were all known to the authorities, so early tell-tale signs of the rise of Islamic State were detected, but remained drowned out by the sheer volume of similar and confounding information that was being gathered. Similarly, it is presumably easy to create huge stores of information on drug bosses or people smugglers -- but hard to find enough personnel to analyze and act on that data mountain.

Now that we have a better idea of the extraordinary reach of the global surveillance being carried out at all times, the failure of that activity to make us safer by countering criminal activity, at whatever scale, becomes all the more striking. It's time the intelligence agencies accepted that the "collect it all" approach is not just failing, but actually exactly wrong: what we need is not more surveillance, but much less of it and much better targeted.

from the doesn't-paypal-like-encryption? dept

There are way too many stories of Paypal unfairly and ridiculously cutting off services that rely on it as a payment mechanism, but here's yet another one. Mega, the cloud storage provider that is perhaps well-known for being Kim Dotcom's "comeback" act after the US government shut down Megaupload, has had its Paypal account cut off. The company claims that Paypal was pressured by Visa and Mastercard to cut it off:

Visa and MasterCard then pressured PayPal to cease providing payment services to MEGA.

MEGA provided extensive statistics and other evidence showing that MEGA's business is legitimate and legally compliant. After discussions that appeared to satisfy PayPal’s queries, MEGA authorised PayPal to share that material with Visa and MasterCard. Eventually PayPal made a non-negotiable decision to immediately terminate services to MEGA. PayPal has apologised for this situation and confirmed that MEGA management are upstanding and acting in good faith. PayPal acknowledged that the business is legitimate, but advised that a key concern was that MEGA has a unique model with its end-to-end encryption which leads to “unknowability of what is on the platform”.

MEGA has demonstrated that it is as compliant with its legal obligations as USA cloud storage services operated by Google, Microsoft, Apple, Dropbox, Box, Spideroak etc, but PayPal has advised that MEGA's "unique encryption model" presents an insurmountable difficulty.

That last line is particularly bizarre, given that if anyone recognizes the value of encryption it should be a freaking payments company. And, of course, Paypal can't know what's stored on any of those other platforms, so why is it being pressured to cut off Mega?

Mega's theory -- which is mostly reasonable -- is that because Mega was mistakenly listed in a report released by the "Digital Citizens Alliance" that insisted Mega was a rogue cyberlocker storing infringing content, that payment companies were told to cut it off. If true, this is problematic on multiple levels. The methodology of the report was absolutely ridiculous. Because most Mega files are stored privately (like any Dropbox or Box or Google Drive account), the researchers at NetNames have no idea what's actually being stored there or if it's being done perfectly legitimately. Instead, they found a few links to infringing works, and then extrapolated. That's just bad research practices.

Furthermore, the Digital Citizens Alliance is hardly an unbiased third party. It's an MPAA front group that was the key force in the MPAA's (now revealed) secret plan to have states attorneys general attack Google. Think the MPAA has reasons to try to go after any potential revenue source for Kim Dotcom? Remember, taking down Megaupload and winning in court against Dotcom was a key focus of the company since 2010 or so, and Dotcom recently noted that he's out of money and pleading with the court to release some of the funds seized by the government to continue to fight his case. The lawyers who represented him all along quit late last year when he ran out of money. It seems like the MPAA might have ulterior motives in naming Mega to that list, don't you think?

And, this all goes back to this dangerous effort by the White House a few years ago to set up these "voluntary agreements" in which payment companies would agree to cut off service to sites that the entertainment industry declared "bad." There's no due process. There's no adjudication. There's just one industry getting to declare websites it doesn't like as "bad" and all payment companies refusing to serve it. This seems like a pretty big problem.

from the and-we-look-forward-to-the-eventual-copyright-fight dept

Yesterday evening I saw a tweet zip by in which some very smart people I know and respect appeared to be arguing about the color of a dress. It seemed like a weird thing, so I went and looked and saw what appeared to be a white and gold dress. No big deal. But, other people insisted that it was blue and black. Vehemently. At first I thought it was a joke. Or an optical illusion. Or maybe it depended on your monitor. But I called over a colleague here in the office, and she swore that it was blue and black. And I was 100% sure that it was white and gold. If you somehow live under a rock, here's the image:

We now know the "truth" (sort of) -- which is that the dress itself really is blue and black, but thanks to the lighting and some odd visual tricks it appears white and gold to a large part of the population. For what it's worth, many people report that after a period of time it switches, and that's true for me too. Late last night I took one last look (after everyone else in my family swore that it was blue and black) and I saw it blue and black. Amusingly, at almost exactly the same time, my wife suddenly saw it as white and gold. My mother-in-law suggested we both need to seek mental help. There are fights like this going on all over the internet, with lots of people trying to decipher why this image seems to work this way. So why are we writing about it here? Because it's Fair Use Week, and what a great fair use story.

This image isn't just being shown everywhere, it's being modified, flipped, adjusted, poked and prodded as people discuss it in all sorts of ways (comment and criticism). And it's all fair use. Take, for example, our own Leigh Beadon, who put forth on Twitter a theory about why different people see it in different ways:

Vice has an amazing story in which they present the image to a color vision expert who is so stumped he admits he may give up trying to cure blindness to devote the rest of his life to understanding the dress. The folks over at Vox both insist that the color changing can't be explained and that it can be (journalism!). The folks at Deadspin say you're all wrong and the dress is actually blue and brown. Almost all of these are using not just versions of the image, but modified ones as well, to try to demonstrate what they're talking about.

And there's been no talk about copyright. Because we don't need to be discussing copyright, because this is all fair use. Last night, some were pointing out that this was such an "internet" story that it's great that it came out on the same day the FCC voted for net neutrality, but I say it's an even better way to close out fair use week, with a great demonstration of why fair use matters.